LDAP Integrated Service (LIS)
LIS enables multi-factor authentication (MFA) for third-party web applications that use application authentication. This is particularly useful for applications that do not natively support MFA, and where the HySecure client is not used for authentication.
LIS functions as a proxy authentication server, so users log in with their username, password, and a multi-factor authentication token. To use multi-factor authentication, HyID policies must be created for the user.
Configure LIS
- Log in to the HySecure Management console.
- Go to Settings > Services Config > LIS Configuration.
- Under General Configuration, provide the following information:
  - Application Display name: Name of the application for which MFA will be configured.
  - Admin User: The administrator of the authentication server being proxied through LIS. Multiple users can be added, separated by commas. A service account can be provided instead of an administrator.
  - Proxy For Authentication Domain: Choose the HySecure domain from the dropdown list.
  - Connect To: Choose the authentication server to connect to from the domain selected in the previous step. All servers added on the Authentication > Authentication Servers page are listed here.
- Under MFA Configuration, provide the following information:
  - Additional MFA Enable: If enabled, the user is prompted for both credentials and MFA when logging in to the application. If not enabled, the user can access the application with only a username and password.
  - Validate Using: LIS is configured on the server that acts as a proxy for the authentication server. Provide the hostname/IP address of the LIS server here. If LIS is hosted on the same machine as the HyID server, provide the Virtual IP address of the HyID server. The port number, usually 443, is the listening port of the HySecure gateway or HyID server.
  - Token Type: Only mobile tokens are supported; they are governed by HyID policies.
  - Allow OTP in Password: Enable to combine the one-time password generated by a token with the static password to achieve two-factor authentication. If enabled, the user must enter the OTP followed by the password, delimited by a dot (.), for example, 12345.mypassword.
- Under Logging Configuration, provide the following information:
  - Enable Logs: Enable to generate logs related to LIS.
  - Logging Mode: If logging is enabled, the log file is generated and stored at /home/fes/logs/ads.log.
- Click Submit to save the configuration. In cluster deployments, the LIS configuration is reflected automatically on each node, but you must save the configuration on each node for it to take effect.
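As an added example (not Accops or HySecure code), the Python below models how a proxy in LIS's position could split the combined `OTP.password` entry described under Allow OTP in Password and require both factors to pass. It assumes numeric OTPs, that only the first dot is the delimiter (so a static password may itself contain dots), and that the password check runs before the OTP check; none of these details are stated on the page.

```python
"""Added example, not Accops/HySecure code: splitting the combined
"OTP.password" entry accepted when "Allow OTP in Password" is on, and a
proxy decision built on it. Assumed (not stated on the page): OTPs are
numeric, and only the first dot delimits, so passwords may contain dots."""
from dataclasses import dataclass
from typing import Callable, Optional

DELIMITER = "."  # the page's delimiter: <OTP>.<password>


@dataclass(frozen=True)
class Credential:
    otp: Optional[str]  # None when the option is off (MFA prompted separately)
    password: str


def split_otp_password(entered: str, allow_otp_in_password: bool) -> Credential:
    """Return the OTP and static password from what the user typed.

    Option off: the whole string is the static password. Option on: the OTP
    is everything before the first dot and must be digits; everything after
    that first dot is the password, taken verbatim (it may contain dots).
    """
    if not allow_otp_in_password:
        return Credential(otp=None, password=entered)
    otp, sep, password = entered.partition(DELIMITER)
    if not sep:
        raise ValueError("expected '<OTP>.<password>', delimiter not found")
    if not otp.isdigit():
        raise ValueError("OTP before the delimiter must be numeric")
    if not password:
        raise ValueError("static password after the delimiter is empty")
    return Credential(otp=otp, password=password)


def lis_authenticate(user: str, entered: str, allow_otp_in_password: bool,
                     check_password: Callable[[str, str], bool],
                     check_otp: Callable[[str, str], bool]) -> bool:
    """Model of the proxy decision (assumed order): the proxied server
    validates the static password, HyID validates the OTP; both must pass.
    A malformed entry fails closed instead of being forwarded upstream."""
    try:
        cred = split_otp_password(entered, allow_otp_in_password)
    except ValueError:
        return False
    if not check_password(user, cred.password):
        return False
    if cred.otp is None:  # option off: MFA, if enabled, is a separate prompt
        return True
    return check_otp(user, cred.otp)
```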